Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Is there anything for the outdated curl.exe? CVE-2022-43552
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 3 Apr 2023 12:32:15 -0400
On Mon, Apr 3, 2023 at 11:17 AM Daniel Stenberg via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> On Mon, 3 Apr 2023, maxcoder1 via curl-users wrote:
>
> > Is there anything for the outdated curl.exe? CVE-2022-43552
> >
> > edit: a fully patched w10 / 2019 / 2022 is showing 7.83.1.
>
> See https://curl.se/windows/microsoft.html
>
> When you install Windows, your vendor is called Microsoft and they are
> responsible for the software bundled with their operating system. Please ask
> them about their updates.
+1. Microsoft Global Security (security_at_microsoft.com) may be a good
place to drop a note.
> > Also , if I install the latest version of CURL from https://curl.se/windows/
> > , will it cause any problems?
>
> If you overwrite/delete the old one I suspect it might, yes.
System File Checker (SFC) may not allow that to happen. Or if it
happens, then SFC will restore the old [vulnerable] file because the
tool believes the file is corrupted.
https://support.microsoft.com/en-us/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e
Jeff
Date: Mon, 3 Apr 2023 12:32:15 -0400
On Mon, Apr 3, 2023 at 11:17 AM Daniel Stenberg via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> On Mon, 3 Apr 2023, maxcoder1 via curl-users wrote:
>
> > Is there anything for the outdated curl.exe? CVE-2022-43552
> >
> > edit: a fully patched w10 / 2019 / 2022 is showing 7.83.1.
>
> See https://curl.se/windows/microsoft.html
>
> When you install Windows, your vendor is called Microsoft and they are
> responsible for the software bundled with their operating system. Please ask
> them about their updates.
+1. Microsoft Global Security (security_at_microsoft.com) may be a good
place to drop a note.
> > Also , if I install the latest version of CURL from https://curl.se/windows/
> > , will it cause any problems?
>
> If you overwrite/delete the old one I suspect it might, yes.
System File Checker (SFC) may not allow that to happen. Or if it
happens, then SFC will restore the old [vulnerable] file because the
tool believes the file is corrupted.
https://support.microsoft.com/en-us/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e
Jeff
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-03